Search

Remote Procedure Call Runtime Vulnerability (CVE-2022-26809)

Canon Medical Systems Security Advisory

Overview:
It was announced that there is security vulnerability that affects Microsoft Remote Procedure Call (RPC) runtime. A remote code execution vulnerability exists when an attacker sends a specially crafted RPC call to an RPC host. An attacker who successfully exploited this vulnerability could run arbitrary code.
REF: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809

Vulnerability Overview:
RPC is a communication method for calling and executing programs from other terminals connected to the network. CVE-2022-26809 is a remote code execution vulnerability in Microsoft RPC runtime and affects Windows. To exploit this vulnerability, an attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. Microsoft RPC allows for messages to be transmitted in different ways.

SMB (port 445 TCP or port 139 TCP) are most common. The commands over SMB are sent as named pipe writes that are then passed to the respective service.
Via TCP (port 135 TCP and high port). The clients first connect to an endpoint mapper which will return the port number the service uses. Then a second TCP connection to the high port will be transmitting the RPC message.
Via HTTP (default port 593). This is useful if RPC is exposed over the Internet. TLS can be used for encryption and HTTP may provide additional authentication options.

Possible Affected Canon Medical Systems Products:
The following products are not affected because it is blocking RPC related ports (135, 139, 445, 593).

UL Medical Imaging Products
NM Medical Imaging Products

The following products may be affected potentially:

CT Medical Imaging Products
MR Medical Imaging Products
VL Medical Imaging Products
XR Medical Imaging Products

At this time, we have not received any reports that this vulnerability has been exploited.

Resolution:
Canon Medical Systems Corporation will provide the update information for Microsoft vulnerabilities. The current schedule is as follows. The schedule will be updated.

CT	Aquilion Precision V10.10	April 2022
	Aquilion ONE V10.12	May 2022
	Aquilion Exceed LB V10.9	July 2022

Mitigations:
The mitigation measures include the following.
- Block RPC related ports (135, 139, 445, 593) at the Firewall appliance on the facilities network

Due to medical device regulatory reasons, not all products/service displayed on this webpage are available in all countries, regions or markets. Future availability of the products/service cannot also be guaranteed. Please contact your local Canon Medical Group representative for further details.

Development and manufacturing functions of Canon Medical Systems Corporation have been transferred to CANON INC. In this website, any reference to “Canon Medical Systems Corporation” refers to “CANON INC.”